CVE-2011-1340 in ploneinfo

Summary

Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

03/09/2011

Disclosure

08/05/2011

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
58193plone cross site scripting79Not definedOfficial fixCVE-2011-1340

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext